Das*_*uss 7 get http idempotent stripe-payments
When we make a Stripe checkout session we include a success URL:
```javascript
session = await this.stripe.checkout.sessions.create({
  payment_method_types: ['card'],
  line_items: lineItems,
  payment_intent_data: {
    transfer_data: {
      amount: 9999999,
      destination: someaccountId,
    },
  },
  success_url: `http://localhost:4000/api/checkout/success?true&session_id={CHECKOUT_SESSION_ID}&alias_id=${aliasId}`,
  cancel_url: `http://localhost:4000/api/checkout/canceled?session_id={CHECKOUT_SESSION_ID}`,
});
```
The success URL is where Stripe sends the user after a successful payment. It's a GET request since Stripe is redirecting the user. Many apps using Stripe will need to take actions after a successful checkout: sending an email receipt, notifications, sending paid content, updating the order in the database, etc. But it's suggested not to do these actions in GET requests because GET requests are supposed to be idempotent and safe.

For example, an unsubscribe link in an email should not unsubscribe a user but instead the "proper approach for unsubscribe links is to lead to a page where the user can click a button to unsubscribe (where the button click triggers a POST request)." (src) This is because "Many, many, many tools, utilities, web crawlers and other thingamajiggies assume that GET will never be a destructive action (rightly so, since it's specified this way). If you now break your application by breaking that specification, you'll get to keep both parts of your application." (src)

So I was wondering what is the proper way to handle the Stripe success URL? If we follow the suggested advice above, then the success URL would link to a page where the user clicks a button that updates the order, emails a receipt, etc. But then we are relying on the customer to finish the order that has already been paid for. If they don't press that button then important actions aren't completed. What is the proper way to do this? Or does the suggestion to not change the database on a GET request not apply for some reason to these types of actions?
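Make the part of that page's code that handles the checkout session idempotent - that is, first check whether its steps have already been processed (and skip them in that case), or otherwise make whatever processing it does repeatable any number of times without producing any additional effect after the first run.

It is almost impossible for "tools, utilities, web crawlers and other thingamajiggies" to hit your URL with a valid Checkout Session ID, so whatever code you have for handling a "bad session ID" will deal with that just fine.

You should also have a webhook for this purpose - it will receive a POST request. https://stripe.com/docs/payments/checkout/fulfill-orders#handle-the---event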
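Added example, not part of the original answer or of Stripe's code: one fulfillment routine that both the GET success handler and the webhook POST handler can call, skipping steps already completed for a session. The in-memory `completed` map, the `steps` table, the `mailerDown` switch and the sample sessions are constructed assumptions; a real app would load the session server-side (for example with `stripe.checkout.sessions.retrieve`) and record completed steps in its database.

```javascript
// Assumption: stand-in for a DB table keyed by Checkout Session id. A real
// store should mark steps inside a transaction or under a unique constraint,
// so a concurrent redirect and webhook cannot both run the same step.
const completed = new Map(); // session id -> Set of step names already done
const effects = [];          // constructed log of side effects
let mailerDown = false;      // constructed switch to simulate a failing step

const steps = {
  mark_order_paid: (s) => effects.push(`order_paid:${s.id}`),
  email_receipt: (s) => {
    if (mailerDown) throw new Error('mailer unavailable');
    effects.push(`receipt:${s.customer_email}`);
  },
};

// `session` is the object Stripe returned for the id, never values taken
// from the query string; an unknown id yields null and is rejected.
function fulfillCheckout(session) {
  if (!session || typeof session.id !== 'string') return 'invalid';
  if (session.payment_status !== 'paid') return 'unpaid';
  if (!completed.has(session.id)) completed.set(session.id, new Set());
  const done = completed.get(session.id);
  let ran = 0;
  for (const [name, run] of Object.entries(steps)) {
    if (done.has(name)) continue;   // already processed: skip
    try { run(session); } catch (e) { return 'partial'; } // next call retries
    done.add(name);
    ran++;
  }
  return ran > 0 ? 'fulfilled' : 'already_fulfilled';
}

function demo() {
  completed.clear(); effects.length = 0;
  // Constructed sessions shaped like Stripe Checkout Session objects.
  const paid = { id: 'cs_test_constructed_1', payment_status: 'paid', customer_email: 'buyer@example.com' };
  const unpaid = { id: 'cs_test_constructed_2', payment_status: 'unpaid', customer_email: 'other@example.com' };
  mailerDown = true;
  const r1 = fulfillCheckout(paid);   // GET redirect: order marked, email fails
  mailerDown = false;
  const r2 = fulfillCheckout(paid);   // webhook POST: only the email step runs
  const r3 = fulfillCheckout(paid);   // reload or replayed GET: nothing runs
  const r4 = fulfillCheckout(unpaid); // valid session that was never paid
  const r5 = fulfillCheckout(null);   // lookup of a bad session id found nothing
  return { results: [r1, r2, r3, r4, r5], effects: effects.slice() };
}
console.log(demo());
```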